🔥Early Access: Land A High Paying Web3 Job In 90 Days LEARN MORE

Radiant Capital allegedly hacked and $51m stolen

In this post:

 

  • Radiant users have been warned to be cautious.
  • According to Ancilia, the problem emanated from a backdoor contract deployed.
  • Scams involving digital assets are fast-growing on the increase in digitalization and adoption of digital assets.

Radiant Capital has allegedly been hacked with scammers siphoning $51,5 million so far from the accounts. The attack is reportedly isolated to Arbitrum and BSC.

According to Arkham Intelligence data, the attack started Wednesday afternoon on Radiant’s Ethereum Layer 2 Arbitrum before moving to BNB Chain.

Radiant users are warned to be cautious

In a post on X platform, Web3 real-time security and hack prevention Ancilia Inc. warned the market of the breach and confirmed the illegal activity which resulted in the transferFrom user’s account through contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281.

Ancilia, who first reported the compromise indicated that the problem likely emanated from a backdoor contract deployed on the BSC network and cautioned Radiant users to revoke all Radiant contract addresses as a precautionary measure.

“Please revoke your approval ASAP. It seems like the new implementation had vulnerability functions,” warned Ancilia on the X platform.

A transferFrom exploit uses a smart contract transferFrom function to allow one account to send a number of tokens from a target account to a third account. This usually requires a victim’s account to grant permission to interact with a spoofed wallet address.

Security research lead at Fuzzland, Tony Ke told the Block while the Ethereum and Base deployments appeared secure, it was still critical to exercise extreme caution.

“Radiant capital has fallen victim to a hack causing $51m in losses across Arbitrum and BnB chain. The Ethereum and Base deployments seem to be secure but we would warn anyone to be careful interacting with these contracts at this time,” Ke said.

Crypto scams on the increase

In their post on X platform, Ancilia also indicated that a backdoor contract was deployed at around 17:09 UTC on Wednesday which enabled the attacker to get unauthorized access and begin transferring tokens.

See also  Paxos launches USD-backed USDG stablecoin with Singapore’s DBS Bank

“Radiant leverages a multisig setup for their smart contract controls which seems to have been compromised internally,” Ke said.

According to Ke, the attack profile insinuates that someone was either phished or there was a compromised computer. There is also a possibility of an inside attacker that led to Radiant Capital’s private keys leaking.

“As we learn more information about how this occurred, we will try to work in conjunction with the Radiant team to help in any fund recovery efforts possible,” Ke said.

The attacker reportedly wrapped versions of BNB, ETH, USDC, and USDT tokens from a Radiant Capital-controlled wallet into a single address that starts with 0x0629b, which is said to be holding over $5 million worth of tokens. However, the same wallet’s account on DeBank was reportedly showing a $51 million balance with a 2,619,512.54% increase in token holdings since it was created.

The hack comprised over 10% of crypto losses Peckshield spotted last month. Last month, hackers stole over $120 million from DeFi protocol.

Another breach occurred on Singapore-based BingX where hackers stole $40 million, although the platform later reopened. This comes as scams involving digital assets are also increasing due to the increased adoption of digitalization and digital assets across the world.

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Cryptopolitan
Subscribe to CryptoPolitan